60 matches found
CVE-2026-58521
The CVE-2026-58521 entry concerns an SQL injection in the Wikimedia Foundation’s Mediawiki Cargo Extension. Affected versions are Cargo Extension before 1.43.9, 1.44.6, and 1.45.4. The issue arises from improper neutralization of special elements in SQL commands when using the year range filter, ...
EUVD-2026-41102
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-58519
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...
CVE-2026-39841
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39840
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
EUVD-2026-19927
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
EUVD-2026-19929
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39841
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39840
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39839
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39837
CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39841
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39841
The CVE-2026-39841 vulnerability is a Stored XSS in the MediaWiki Cargo Extension (pre-3.8.7) due to improper neutralization of Script-Related HTML tags in list fields on Cargo pages and Special:CargoTables. This affects how Cargo handles page values, allowing injected scripts to be stored and po...
CVE-2026-39840
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39840 CSS injection in multiple Cargo display formats
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39840
The CVE-2026-39840 issue affects Wikimedia Foundation MediaWiki’s Cargo Extension (before version 3.8.7). It is caused by improper neutralization of input during web page generation, enabling cross-site scripting (XSS) that targets non-script elements. Impact is user-side script execution with th...
CVE-2026-39839
CVE-2026-39839 affects Wikimedia Foundation MediaWiki Cargo Extension prior to 3.8.7. It is a Stored XSS vulnerability caused by improper neutralization of Script-Related HTML tags in a web page, exploitable via map format URLs stored by the extension. The impact is stored XSS with potential user...
CVE-2026-39839
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...